Practical considerations for using Azure internal load balancer and BIG-IP
Hey Michael,
How did you get the alien range to work as you mentioned in the "Advanced Use Cases (Not Pictured)" - bullet 2?
My current setup:
2x F5 active/active - 2 nics (Mgmt and Dataplane)
1x ILB with HA Ports LB Rule and Floating IP Enabled (to avoid the destination NAT performed by ILB as you mentioned)
Route Table on Web Subnet with route default all traffic to the FEIP of the ILB (for symetric routing)
Route Table on Client Subnet with route to alien range and next hop as FEIP of the ILB (as above)
VIP on F5 within the alien range (and the range does not exist within Azure)
My reasoning for wanting to get this to work is without it I can have an Active/Active setup without SNAT but only with 1 Web Server or performing destination port nat (via VIPs) on the same secondary IPs of the F5's due to the HA Ports rule on the ILB. However, if I can get the alien range to work then I can have Active/Active F5's without SNAT for multiple web applications behind the same pair of F5's without having to perform destination port nat.
Unfortunately, all my stats are 0 when trying the alien range which tells me Azure isn't even sending my packets to the F5. My assumption is that a firewall would have to be used in the scanario to perform destination NAT of the alien range to the front end ip of the LB.
Thanks for your help